Privacy Policy

Account data: name, email, authentication identifiers (e.g. Google OAuth ID), password hashes, locale.

Usage data: habits, goals, streaks, completion logs, notes, reminders, and timestamps you create inside the Service.

Billing data: handled by Stripe. We store a Stripe customer ID and subscription status, never full card numbers.

Device data: IP address, browser, OS, device identifiers, and crash/diagnostic logs.

Cookies and similar: session cookies for authentication, language preference, and a Meta (Facebook) Pixel for conversion measurement. You may disable non-essential cookies via your browser.

Provide and maintain the Service (sync habits, compute streaks, send reminders).

Authenticate accounts and secure the Service.

Process payments and manage subscriptions via Stripe.

Send transactional email (verification, password reset, receipts).

Improve product quality, debug, and measure marketing performance.

We process personal data based on contract (to deliver the Service you signed up for), legitimate interest (security, analytics, product improvement), consent (marketing cookies, push notifications), and legal obligation (tax, accounting).

We do not sell your personal data. We share data only with processors acting on our instructions: Firebase/Google Cloud (hosting, authentication), Stripe (payments), and email delivery providers. Each processor is bound by a data processing agreement.

We retain account data while your account is active. If you delete your account, we delete or anonymize personal data within 30 days, except where retention is required by law (e.g. billing records kept up to 7 years).

Depending on your jurisdiction (EEA/UK GDPR, California CCPA, etc.) you may access, correct, export, or delete your data, object to processing, and lodge a complaint with a supervisory authority. Request any of these by emailing us at the address below.

We use TLS in transit, encryption at rest, hashed passwords, and least-privilege access controls. No system is 100% secure; report suspected incidents to us promptly.

The Service is not directed to children under 13 (or 16 in the EEA). We do not knowingly collect data from children. Contact us if you believe a child has provided us data.

Your data may be processed in countries other than your own, including the United States. Where required, we rely on Standard Contractual Clauses or equivalent safeguards.

We may update this Policy. Material changes will be notified in-app or by email. Continued use after changes constitutes acceptance.

Questions or requests: rachometro@smartteachme.com.